Too Many Passwords–How do MSPs handle Identity Management?

Living in the modern digital world with a constantly growing number of tools, we are creating and managing more user accounts than ever. And with every new account comes another username and password combination that a user must now remember, which their security department has to manage.

How does one minimize user frustration and effectively manage these accounts? Many companies handle this by centralizing their identity information to a single identity provider (IdP), such as Active Directory (AD). This type of identity management may work well for applications with a single managed user base, but what if you’re an MSP and the users are all pulled from different enterprises?

Should applications expect MSPs to manually create and maintain shadow accounts in their own corporate IdP or within the applications themselves every time they onboard customers? How do they maintain accurate account access when dealing with multiple customer IdPs, each with their own access levels? With so many questions, maybe we should take a look at what features a MSP would need from an application from an authentication perspective.

Rapid Deployment: MSPs need to provide rapid access to the appropriate applications in order to accelerate customer success and increase value. An application that can quickly incorporate new user sets without heavy manual effort, removes part of the burden of on-boarding a new customer.

Flexibility: Flexibility to integrate with a variety of IdPs aids on-boarding by reducing the number of roadblocks from external user stores. By supporting integration with a range of user stores, MSPs can maintain control over the user base’s access to the applications while reducing deployment time.

Authorization Control: MSPs provide application services across a range of customers that may each require unique access within an application. MSPs, more than most, require applications that provide multi-tenancy and granular control to individualize access across their customer base.

Scalability: MSPs must maintain clear customer segmentation and by integrating their customer user stores they can provide a complex solution without a substantial impact on their own IT infrastructure for maintenance of the additional user base.

At ScienceLogic, we began 2016 with our v7.8 release, in which we have introduced a new level of control for our customers, giving them more choice in how they, and their users, authenticate. With this release, administrators can now segment the ScienceLogic environment with policies to determine authentication type alignment across multiple LDAP/AD servers, CAC, or the new SAML SSO authentication option. Check back soon for more information! To learn more about all the updates and features in our v7.8 release, check out this blog post.